Re: "Debian hardened" ;-)

To: debian-security@lists.debian.org
Subject: Re: "Debian hardened" ;-)
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 3 Dec 2007 21:47:24 +0100
Message-id: <[🔎] slrnfl8qqs.3le.jmm@inutil.org>
References: <[🔎] 9ef66fac0712030725r1d686233j9010c2354e48b566@mail.gmail.com>

Albretch Mueller wrote:
>  I am not trying to bait anyone into an argument. It is just that
> IMHO, even though I see that gentoo has its appeal and value, using it
> for servers is not such as manageable as other distros.
> ~
>  However, I still like very much the gentoo hardened project.
> ~
> // __ http://www.gentoo.org/proj/en/hardened/
> ~
> // __ http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml
> ~
>  Do you know of Debian based attempts to security including all these
> sec features gentoo Linux does?
> ~
>  http://sourceforge.net/projects/debianhardened
> ~
>  Doesn't seem to be active for almost more than 3 years already
> ~
>  I am concretely trying to device something like a Debian baseline
> with a gentoo hardened-like security infrastructure
> ~
>  There exist tutorials on how to setup SELinux on Debian
> ~
>  http://wiki.debian.org/SELinux/Setup
> ~
>  I am trying to also setup on top of  it stuff like PaX/Grsecurity,
> RSBAC ... a la gentoo hardened
> ~
>  Any ideas you would like to share?

Work is under way. See http://wiki.debian.org/Hardening for a brief outline.
A prototype wrapper has been hacked together and Lucas Nussbaum did a full
archive rebuild for i386 with most of the hardening options enabled. This
needs a little bit more work, but after that it should be ready to be announced
to the developers at a larger scale.

Cheers,
        Moritz

Reply to:

References:
- "Debian hardened" ;-)
  - From: "Albretch Mueller" <lbrtchx@gmail.com>

Prev by Date: "Debian hardened" ;-)
Next by Date: Re: "Debian hardened" ;-)
Previous by thread: "Debian hardened" ;-)
Next by thread: Re: "Debian hardened" ;-)
Index(es):
- Date
- Thread